Difference between revisions of "Virtual Machine Image Endorsement"
Line 39: | Line 39: | ||
|} | |} | ||
= Documents and Policies | = Documents and Policies = | ||
Policies are defined by the SPG group and are published in the https://wiki.egi.eu/wiki/SPG:Documents | Policies are defined by the SPG group and are published in the https://wiki.egi.eu/wiki/SPG:Documents | ||
Line 46: | Line 46: | ||
[https://wiki.egi.eu/wiki/SPG:Drafts SPG Drafts under development] | [https://wiki.egi.eu/wiki/SPG:Drafts SPG Drafts under development] | ||
= Communication and contacts = | = Communication and contacts = |
Revision as of 13:35, 9 June 2015
Goal
Set up a process assuring that a Virtual Machine Image (VMI)/ Virtual Appliance (VA) published in AppDB is well-configured, secure and up-to-date.
Image types
Type | Description | Managed by |
---|---|---|
EGI | General purpose images. Based on largely used Oses | EGI |
VO-specific | VO specific images, available to a specific VO and customized for specific purposes | VO-expert |
Activities
Activity | Description |
---|---|
A1. Image setup |
Set up an image ready to be used by a Resource Provider |
A2. Image hardening |
Procedure that provides first configuration, security and updates to a given image output of A1 |
A3. Image publishing |
Procedure that takes and image ready from A2 and makes it available on AppDB with proper tags, metadata, links |
Documents and Policies
Policies are defined by the SPG group and are published in the https://wiki.egi.eu/wiki/SPG:Documents
It is particularly relevant the Security Policy for the Endorsement and Operation of Virtual Machine Images and a draft of a Virtualisation Policy.
Communication and contacts
SSO group available: vm-image-endorsement@mailman.egi.eu
Contact: vincenzo.spinoso@egi.eu
Procedures
OLD STUFF
EGI core VM endorsement
Here the endorsement of the "core" EGI VM images is shown in detail.
Activity
Images to support as EGI.eu
Communication/documentation:
VO VM endorsement (and pilot)
EGI will involve the VOs, inviting them to insert/update their images, following the new guidelines and accepting the relevant policies. EGI can give support especially in the first round of creation of the VO images.
Educating VM/VA preparators on how to prepare secure images. Documentation from the first step (preparation of the VM) is needed, and security advisories/recommendations/procedures.